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DETAILED ACTION 

Response to Amendment 
This office action is in response to amendment filed on 1 1/10/05. The amendment filed 
on 1 1/10/05 have been entered and made of record. Therefore, presently pending claims are 1, 4- 
20, 23-31, and 34-43. 

Response to Arguments 

Applicant's arguments filed 1 1/10/05 have been fully considered but they are not 
persuasive because of following reasons. 

Applicant argued that there does not appear to be anything in Zinger that would suggest 
that the output datum would take on characteristic appearance when other than the correct user 
access code is entered. This is not found persuasive. Zinger discloses that after the PDN is 
entered the alarm is set and then the system continues processing the transaction. This does 
indeed suggest that the output datum has the characteristic appearance of said at least a portion of 
said confidential datum (column 7 lines 6-16). The PDN is the incorrect user access code since it 

T* 

is in one example the inverted version of the PIN number (column 6 lines (50-55). The output 
datum can also be a portion of the confidential datum when the system only provides a portion of 
the fimds by limiting the funds available (Fig. 8). f 

\ 

The examiner asserts that Pavlov, Spratte, and Zingher do teach or suggest the subject 
matter broadly recited in independent Claims 1, 20, 31, 42, and 43. Dependent Claims 4-19, 23- 
30, and 34-41 are also rejected at least by virtue of their dependency on independent claims and 
by other reason set forth in this office action. Accordingly, rejections for claims 1, 4-20, 23-31, 
and 34-43 are respectfully maintained. 
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Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. ' 

Claims 1, 4-20, 23-31, and 34-43 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Pavlov (4,614,861) in view of Spratte (5,764,766) and further in view of 
Zingheretal (5,731,575). 

In reference to claims I, 20, 31, 42-43, Pavlov discloses a system a self-contained card 
that has the ability to verify a personal identification number that is entered directly into the body 
by way of a keyboard (abstract). The self-contained card comprises: (a) a computer- 
implemented input for receiving a input access code (Fig_l part 12 in combination with column 
1 1 lines 60-67); output said datum reproducing said at least a portion of said user's confidential 
datum (TIC) if said input access code equals said user's access code (column 12 lines 15-30); and 
(d) said generation of said output datum occurring without dependence on any storage of any 
form of said at least a portion of said confidential datum (column 12 lines 29-67). 

Although Pavlov discloses the generation of confidential data, TIC, Pavlov does not 
disclose a seed derivation module operatively connected to said input, for deriving a seed usable 
to generate at least a portion of said confidential datum; a seed-based data generation module 
implementing a predetermined data generation protocol that was previously used by a seed-based 
initialization of said confidential datum of said user, containing a representation of a seed-access 
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code relationship, and configured to generate an output datum by digitally processing said 
derived seed in accordance with said seed-access code relationship. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract). The applicant does not define a data generation 
protocol; as a result, a data generation protocol is a method of generating data. In addition, the 
applicant does not define a seed access code. A value generated using the access code or 
identification number. The system of Spratte includes a seed derivation module operatively 
connected to said input, for deriving a seed usable to generate at least a portion of said 
confidential datum (column 2 line65 to column 3 line 1); a seed-based data generation module 
implementing a predetermined data generation protocol that was previously used by a seed-based 
initialization of said confidential datum of said user, containing a representation of a seed-access 
code relationship, and configured to generate an output datum (encryption key) by digitally 
processing (hashed) said derived seed in accordance with said seed-access code relationship 
(column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system of Pavlov. One^of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

Pavlov and Spratte do not expressly disclose a system wherein for at least one input 
access code not equaling said user's access code, said output datum has the characteristic 
appearance of said at least a portion of said confidential datum, but said output datum does not 
reproduce at least a portion of said user's confidential datum. 
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Although Pavlov discloses checking the matching of the access code, Pavlov does not 
expressly disclose the output datum has the characteristic appearance of the portion of the 
confidential datum when the input access code is not equal to the user's access code. 

Zingher discloses a system and method for the discrete identification of a duress 
transaction at an ATM banking machine (abstract). The system includes a system wherein for at 
least one input access code not equaling said user's access code, said output datum has the 
characteristic appearance of said at least a portion of said confidential datum, but said output 
datum does not reproduce at least a portion of said user's confidential datum (Fig. 1 1 in 
combination with column 6 line 66 to column 7 line 16). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to produce the output datum that has the characteristic appearance of a portion of 
confidential datum when the input access code is not equal to the user's access. One of ordinary 
skill in the art would have been motivated to do this because it would alert the system when a 
transaction being carried out is not voluntary (column 3 lines 40-57). 

In reference to claims 4, 23, and 34, Pavlov discloses a system where said access code is 
a PIN (FigJ7). 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and said confidential datum 
includes an asymmetric cryptographic key (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
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the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 5, Pavlov does not discloses a system where said output datum has 
the characteristic appearance of an asymmetric cryptographic key. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); said output datum has the characteristic appearance of 
an asymmetric cryptographic key. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 6 y Pavlov discloses a system wherein the access code is a PIN 
(Fig_7). 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and said confidential datum includes a symmetric 
cryptographic key (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 7, 24, 35, and 36, where said seed-access code relationship is a 
identity relationship, so that said derived seed equals said input access code (Fig_7). 
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In reference to claims 8 and 25, a system where said seed-access code relationship 
represents said derived seed as a padded version of said input access code. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and where said seed-access code relationship 
represents said derived seed as a padded version of said input access code, (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system of Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 9, 26, and 37, Pavlov does not disclose a system where said seed- 
access code relationship includes a version of said initial seed masked by user's access code. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and where said seed-access code relationship includes 
a version of said initial seed masked by user's access code (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 10, 27, and 38, where: (i) said masked version of said initial seed 
includes an XOR of said initial seed with said user's access code; and (ii) said processing of said 
derived seed in accordance with said seed-access code relationship includes XORing said 
masked version of said initial seed with said derived seed. 
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Spratte discloses a system wherein the initial seed (salt) is combined with the user's 
access code (primary key). XOR is a form of combining initial seed with the user's access code. 
The processing of the derived seed (hashing) as disclosed by Spratte only discloses Message 
Digest 5 as an example; therefore XORing is one another possible way to implement a hash 
function. 

At the time the invention was made, it would have been obvious tc^ a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 11, Pavlov does not disclose a system further comprising program 
code for updating a user's old access code with a user's new access code by replacing said stored 
masked version of said initial seed with its value XORed with said user s old access code XORed 
with id user's new access code. 

Spratte discloses a system further comprising program code for updating a user's old 
access code with a user's new access code by replacing said stored masked version of said initial 
seed with its value XORed with said user s old access code XORed with id user's new access 
code (column 3 lines 29-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 
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In reference to claims 12, 28, and 39, Pavlov does not disclose a system where: (i) said 
seed-access code relationship includes a truncated version of said initial seed capable of being 
concatenated with said input access code to form said derived seed; and (ii) said processing of 
said derived seed in accordance with said seed-access code relationship includes concatenating 
said truncated version of said initial seed with said input access code. 

Spatte discloses combining the salt with the primary key which results in the said seed- 
access code relationship includes a truncated version of said initial seed capable of being 
concatenated with said input access code to form said derived seed. The hash result in the 
concatenation and truncation of the encryption key. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 13, 29, and 40, Pavlov does not dislcose a system where: (i) said 
seed-access code relationship includes values of, and associations between, a plurality of 
possible values of said input access code and a corresponding plurality of possible values of said 
derived seed; and (ii) said processing of said derived seed in accordance with said seed-access 
code relationship includes looking up and outputting said possible value of said derived seed 
corresponding to said input access code. 

Spatte discloses a system where (i) said seed-access code relationship includes values of, 
and associations between, a plurality of possible values of said input access code and a 
corresponding plurality of possible values of said derived seed; and (ii) said processing of said 
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derived seed in accordance with said seed-access code relationship includes looking up and 
outputting said possible value of said derived seed corresponding to said input access code 
(column 3 lines 30-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 14, 30, and 41, Pavlov does not discloses a system where: (1) said 
seed derivation module is merged with said data generation module; (2) said output datum 
includes said derived seed. 

Spatte discloses a system where: (1) said seed derivation module is merged with said data 
generation module; (2) said output datum includes said derived seed (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system of Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 15, where said confidential datum includes a private key of said 
user, and said output datum has the characteristic appearance of a private key. 

Spatte discloses a system where: said confidential datum includes a private key of said 
user, and said output datum has the characteristic appearance of a private key (column 3 lines 1- 
10). 



Application/Control Number: 09/874,795 Page 1 1 

Art Unit: 2135 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim I6 f where said user's public key corresponding to said user's private 
key is pseudo-public. * : 

Spatte discloses a system where: said user's public key corresponding to said user's 
private key is pseudo-public (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 17, a system further comprising a digital certificate containing said 
pseudo-public key. 

Spatte discloses a system further comprising a digital certificate containing said pseudo- 
public key (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 
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In reference to claim 18 where said digital certificate includes an encrypted version of 
said user's pseudo-public key encrypted under a certifier's key which is not verifiable except by 
authorized verifiers. 

Spatte discloses a system with an encryption key (column 3 lines 1-10). The digital 
certificate is a form of security that contains the key and certifies the ownership of the key and 
therefore added security. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keysrthat meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 19, Pavlov discloses a system that is configured to be remotely 
accessible to a roaming user across a network (column 9 lines 64-66). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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